Multi-subnet/vlan and failover

Gregory Sloop gregs at sloop.net
Fri May 10 07:07:06 UTC 2013 

@Kyle
Yes, that's it exactly. Thanks!

---
I did find a post about putting it in a pool block after posting my query, just about the time you posted your response - but hadn't had a chance to test it - so that's great. It now works.

BUT...
When I run it, I see odd stuff [running dhcpd in -d -f
debug/foreground mode]...

---
I see a pair of DHCPDISCOVERs

One from ETH0 and the other from the IP/DHCP helper on the L3 switch.
i.e.
DHCPDISCOVER from so:me:ma:ca:dd:rs on eth0
DHCPDISCOVER from so:me:ma:ca:dd:rs on 10.1.2.1 
[This second one is the layer 3 switch, which is forwarding the DHCP session to the DHCP server]

Then dhcpd makes two offers - one on 10.1.1.X and one on 10.1.2.X
Since the station isn't on the 10.1.1.X VLAN and *is* on the 10.1.2.X
VLAN it "accepts" the 10.1.2.X address and it "works."

But I'm sure it's not supposed to be this way.
[And I'm pretty sure I'm doing something obvious and perhaps stupid, but I just don't know where to look or what to try.]

How do I go about making it only see the forwarded DHCP session and not the one on eth0 [or some other option I'm simply not aware of...]

---

-Greg


Are you looking for something like this?

subnet 172.21.27.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 172.21.27.255;
  option routers 172.21.27.1;
  ddns-domainname "example.com.";
  option domain-search "example.com";
  pool {
    failover peer "dhcp-failover";
    range 172.21.27.5 172.21.27.254;
  }
}


On Thu, May 9, 2013 at 8:08 PM, Gregory Sloop <gregs at sloop.net> wrote:
So, I've done a fair bit of reading and searching - and this general
template is what I thought would work, but it doesn't.

Let me post the dhcp.conf file and then discuss what's wrong and ask
for pointers.

---
authoritative;
#ddns-update-style interim;
ignore client-updates;
#option host-name = config-option server.ddns-hostname;

#include "/etc/rndc.key";

option domain-name              "somedom.local";
option domain-name-servers      10.1.1.190,10.1.2.1,10.1.1.17;
option time-offset              -18000; # Pacific Standard Time
option ntp-servers              10.1.1.14
one-lease-per-client off;

#4 hour lease
default-lease-time 14400;
max-lease-time 14400;
option ip-forwarding off;

failover peer "dhcp-failover" {
  primary; # declare this to be the primary server
  # Address if THIS dhcp server, or what address to listen ON
  address 10.1.1.1;
  port 647;
  # Address of the DHCP fail-over peer.
  peer address 10.1.1.2;
  peer port 647;
  max-response-delay 60;
  max-unacked-updates 10;
  #load balance max seconds 3;
  mclt 3600;
  split 0;
}

    subnet 10.1.1.0 netmask 255.255.255.0 {
        range 10.1.1.1 10.1.1.254;
        option routers                  10.1.1.1;
        option subnet-mask              255.255.255.0;
        failover peer "dhcp-failover";
    }

    subnet 10.1.2.0 netmask 255.255.255.0 {
        range 10.1.2.1 10.1.2.254;
        option routers                  10.1.2.1;
        option subnet-mask              255.255.255.0;
        failover peer "dhcp-failover";
    }

    subnet 10.1.3.0 netmask 255.255.255.0 {
        range 10.1.3.1 10.1.3.254;
        option routers                  10.1.3.1;
        option subnet-mask              255.255.255.0;
        failover peer "dhcp-failover";
    }

---
Now, I've disabled DDNS updates for simplicity sake. Once I get the
multi-subnet/VLAN setup and failover working I'll add that back.

Perhaps that impacts things somehow, so if you'll keep that in mind,
I'd appreciate it.

So, when I try this config I get an error saying that a failover needs
to be inside a shared network block.

But if I do that, I've been told [read] that the DHCP server won't
know how to assign the different subnets. [This would apply to a
network where I wanted to share all the 10.1.1.1-10.1.3.254 as a
single pool/block and assign any station any IP in the whole block.]

But I have a L3 switch and I want these assigned to each VLAN.

---
So, I setup the conf file without a shared-network and it works fine
with the L3 DHCP helper/proxy. Clients on VLAN1 get 10.1.1.0 blocks
and VLAN2 get 10.1.2.0 blocks etc.

So, with the "failover" block commented out, it works charmingly! Very
cool!

---
But I *also* want to use failover.

And when I put in a fail-over outside a shared-network, it complains
that it must be inside a shared network.

So, how to I use fail-over AND maintain the subnet grouping above?

---
I'll keep reading, but I've tinkered with this quite a bit and for the
life of me, I can't see how one would go about it.

-Greg

More information about the dhcp-users mailing list